directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: state of KDC
Date Fri, 03 Jul 2015 07:55:27 GMT
Thanks a lot !

what is needed, too, is a "state of the union" report for Kerby :
- who is active
- who is a potential committer
- how far are we from a release

Kiran has to fill a report for the project at the beginning of next week
(quaterly report sent to the Apache Board) and this information are very
useful.




Le 03/07/15 09:42, Li, Jiajia a écrit :
> Kerby Status Summary
>
> Supported(done and almost done):
> 1.      Kerberos library:
>    KrbClient API
>    KDC server API
>    Kadmin API
>    Credential cache and keytab utilities
> 2.      Provides a standalone KDC server .
> 3.      Supports various identity backends including:
> a)      MemoryIdentityBackend
> b)      JsonIdentityBackend
> c)      LdapIdentityBackend
> d)      ZookeeperIdentityBackend
> e)      MavibotBackend.
> 4.      Provides an embedded KDC server named SimpleKdcServer that applications can easily
integrate into products, unit tests or integration tests.
> 5.      Supports FAST/Preauthentication framework to allow popular and useful authentication
mechanisms.
> 6.      Supports Token Preauth mechanism to allow clients to request tickets using JWT
tokens.
> 7.      Client can request a TGT with:
> a)      User plain password credential
> b)      User keyTab
> c)      User token credential
> 8.      Client can request a service ticket with:
> a)      user TGT credential for a server
> b)      user AccessToken credential for a server
> 9.      Network support including UDP and TCP transport with two implementations:
> a)      Default implementation based on the JRE without depending on other libraries.
> b)      Netty based implementation for better throughput, lower latency.
> 10.     Tools:
> a)      kadmin: Command-line interfaces to the Kerby administration system.
> b)      kinit: Obtains and caches an initial ticket-granting ticket for principal.
> c)      klist: Lists the Kerby principal and tickets held in a credentials cache, or
the keys held in a keytab file.
> 11.     Provides support for JAAS, GSSAPI and SASL frameworks that applications can leverage
the authentication mechanisms provided by Kerby.
>
> In progress:
> 1.      Supports PKINIT mechanism to allow clients to request tickets using x509 certificate
credentials. (50% is finished)
> 2.      Server scripts for Kerby KDC.
> 3.      Building support: checking style and find bugs.
> 4.      Integration and compatible tests.
> 5.      Building the web site.
>
> Plan to do:
> 1.      Supports OTP mechanism to allow clients to request tickets using One Time Password.
> 2.      Consolidate the existing Change Password protocol implementation.
> 3.      REST representation for Kadmin interface.
> 4.      Implement remote mode kadmin tool based on Kadmin REST API
> 5.      Web management console to simplify the configuration and management
> 6.      Write the admin guide and user guide.
> 7.      Implementing cross-realm support.
>
> Please look at here https://github.com/apache/directory-kerby for details.
>
>
> Thanks
> Jiajia
>
> -----Original Message-----
> From: Kiran Ayyagari [mailto:kayyagari@apache.org]
> Sent: Friday, July 03, 2015 11:33 AM
> To: kerby@directory.apache.org
> Subject: state of KDC
>
> Can anyone summarize what our KDC can and cannot do?
>
> I want to know what features are currently supported and what not and what are in progress.
>
> thank you
>
> --
> Kiran Ayyagari
> http://keydap.com
>


Mime
View raw message